Hi there, I was able to get to this point from reading other peoples posts. This site is a real helper! I am so greatfull at how great you guys are! WOW.

anyways, here is my Combofix log and Hijackthis logs



[recovering disk space -- attachment deleted by admin]Is there an icon in your toolbar, a yellow triangle warning sign WELCOME to CH.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
- O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
- O21 - SSODL: mgxfebsq - {7F2CD258-C7A5-421C-B7E4-50D8623A2B55} - C:\WINDOWS\mgxfebsq.dll

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

Folder::
C:\x

File::
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\casino3.ico
C:\WINDOWS\system32\casino2.ico
C:\WINDOWS\system32\casino1.ico
C:\WINDOWS\system32\1.ico
C:\WINDOWS\vmgspntbnrp.dll
C:\WINDOWS\dtseqrxk.dll
C:\WINDOWS\mgxfebsq.dll
C:\WINDOWS\fqbewlna.dll
C:\WINDOWS\mqgldfvo.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7287293E-B0BE-4A31-B52B-EA15F57679E3}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{94e952a4-fae1-40e5-bbe1-8199d8cf7fd0}]

[-HKEY_CLASSES_ROOT\fqbewlna.1]

[-HKEY_CLASSES_ROOT\TypeLib\{0955BCF0-2DB3-4926-B985-1ED8F0894D73}]

[-HKEY_CLASSES_ROOT\fqbewlna]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the SCREENSHOT below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezeHere is the log but for some reason it didnt reboot before giving me this log?

[recovering disk space -- attachment deleted by admin]

Download

• Save it to your desktop.

• Double-click OTMoveIt2.exe to run it.
  
• Copy the lines in the codebox below.

• Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
  
• Close OTMoveIt2

• Double-click mbam-setup.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
• Update Malwarebytes' Anti-Malware
  
• Launch Malwarebytes' Anti-Malware

• Then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and Paste the entire report in your next reply.